POST
/v1/auth/logout

Authorization

Descope Project ID:Refresh JWT
AuthorizationBearer <token>

Project ID:Refresh JWT as bearer token.

In: header

Request Body

application/json

logoutType?array<string>
string

Log the user out from the provided session

This API endpoint will sign the user out of the provided session using the refreshToken. Successfully executing this endpoint will invalidate the provided refresh tokens. Response will also include all user tokens and fields empty, so the executing client will remove cookies as well.

curl -X POST "https://api.descope.com/v1/auth/logout" \  -H "Content-Type: application/json" \  -d '{}'
{  "sessionJwt": "string",  "refreshJwt": "string",  "cookieDomain": "string",  "cookiePath": "string",  "cookieMaxAge": 0,  "cookieExpiration": 0,  "user": {    "loginIds": [      "string"    ],    "userId": "string",    "name": "string",    "email": "string",    "phone": "string",    "verifiedEmail": true,    "verifiedPhone": true,    "roleNames": [      "string"    ],    "userTenants": [      {        "tenantId": "string",        "roleNames": [          "string"        ],        "tenantName": "string",        "permissions": [          "string"        ],        "roleIds": [          "string"        ]      }    ],    "status": "string",    "externalIds": [      "string"    ],    "picture": "string",    "test": false,    "customAttributes": {      "attribute-key": "attribute-value"    },    "createdTime": 0,    "TOTP": false,    "SAML": false,    "OAuth": {      "property1": false,      "property2": false    },    "webauthn": true,    "password": true,    "ssoAppIds": [      "string"    ],    "givenName": "string",    "middleName": "string",    "familyName": "string",    "editable": true,    "SCIM": true,    "push": true,    "permissions": [      "string"    ],    "OIDC": true,    "consentExpiration": 0,    "recoveryEmail": "string",    "verifiedRecoveryEmail": true,    "recoveryPhone": "string",    "verifiedRecoveryPhone": true,    "modifiedTime": 0,    "roleIds": [      "string"    ]  },  "firstSeen": true,  "idpResponse": {    "samlResponse": "string",    "samlGeneratedUser": "string",    "samlGeneratedRoles": "string",    "oidcResponse": "string",    "oidcGeneratedUser": "string",    "oidcGeneratedRoles": "string",    "idpGroups": [      "string"    ],    "idpSAMLAttributes": false,    "idpOIDCClaims": {}  },  "sessionExpiration": 0,  "externalToken": "string",  "claims": {},  "tenantSSOID": "string",  "trustedDeviceJwt": "string",  "nextRefreshSeconds": 0,  "cookieName": "string",  "sessionCookieName": "string",  "sessionCookieDomain": "string",  "unsavedSSO": true}
/** * NOTE: if you add a new field to this message, also add it to the OptionalJWTResponse message */export interface Response {sessionJwt?: stringrefreshJwt?: stringcookieDomain?: stringcookiePath?: stringcookieMaxAge?: numbercookieExpiration?: numberuser?: {loginIds?: string[]userId?: stringname?: stringemail?: stringphone?: stringverifiedEmail?: booleanverifiedPhone?: booleanroleNames?: string[]userTenants?: UserTenants[]status?: stringexternalIds?: string[]picture?: stringtest?: boolean/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}createdTime?: numberTOTP?: booleanSAML?: booleanOAuth?: {[k: string]: boolean}webauthn?: booleanpassword?: booleanssoAppIds?: string[]givenName?: stringmiddleName?: stringfamilyName?: stringeditable?: booleanSCIM?: booleanpush?: booleanpermissions?: string[]OIDC?: booleanconsentExpiration?: numberrecoveryEmail?: stringverifiedRecoveryEmail?: booleanrecoveryPhone?: stringverifiedRecoveryPhone?: booleanmodifiedTime?: number/** * roleIds holds the IDs of this entry's roles. Order is NOT guaranteed to match *  roleNames — do not pair them by index. Use roleIds or roleNames independently. */roleIds?: string[]}firstSeen?: booleanidpResponse?: IDPResponsesessionExpiration?: numberexternalToken?: stringclaims?: {}tenantSSOID?: stringtrustedDeviceJwt?: stringnextRefreshSeconds?: numbercookieName?: stringsessionCookieName?: stringsessionCookieDomain?: stringunsavedSSO?: boolean}export interface UserTenants {tenantId?: stringroleNames?: string[]tenantName?: stringpermissions?: string[]/** * roleIds holds the IDs of this entry's roles. Order is NOT guaranteed to match *  roleNames — do not pair them by index. Use roleIds or roleNames independently. */roleIds?: string[]}export interface IDPResponse {samlResponse?: stringsamlGeneratedUser?: stringsamlGeneratedRoles?: stringoidcResponse?: stringoidcGeneratedUser?: stringoidcGeneratedRoles?: stringidpGroups?: string[]idpSAMLAttributes?: booleanidpOIDCClaims?: {}}
Was this helpful?